T1525 Implant Internal Image

Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Amazon Web Services (AWS) Amazon Machine Images (AMIs), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be implanted or backdoored. Unlike Upload Malware, this technique focuses on adversaries implanting an image in a registry within a victim’s environment. Depending on how the infrastructure is provisioned, this could provide persistent access if the infrastructure provisioning tool is instructed to always use the latest image.(Citation: Rhino Labs Cloud Image Backdoor Technique Sept 2019)

A tool has been developed to facilitate planting backdoors in cloud container images.(Citation: Rhino Labs Cloud Backdoor September 2019) If an adversary has access to a compromised AWS instance, and permissions to list the available container images, they may implant a backdoor such as a Web Shell.(Citation: Rhino Labs Cloud Image Backdoor Technique Sept 2019)


CRI Profile Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

PR.AA-05.02 | Privileged system access | Mitigates | T1525 | Implant Internal Image
  Comments: This diagnostic statement protects against Implant Internal Image through the use of privileged account management and the use of multi-factor authentication.

DE.CM-09.01 | Software and data integrity checking | Mitigates | T1525 | Implant Internal Image
  Comments: This diagnostic statement protects against Implant Internal Image through verifying the integrity of software/firmware, loading only trusted software, ensuring privileged process integrity, and checking software signatures.

PR.AA-05.01 | Access privilege limitation | Mitigates | T1525 | Implant Internal Image
  Comments: This diagnostic statement describes the implementation of the least privilege principle, which can be applied to limiting permissions through role-based access controls, file and directory permissions, and the execution of systems and services. Limit permissions associated with creating and modifying platform images or containers based on the principle of least privilege.

PR.PS-01.03 | Configuration deviation | Mitigates | T1525 | Implant Internal Image
  Comments: This diagnostic statement provides protection from Implant Internal Image through the implementation of security configuration baselines for OS, software, file integrity monitoring and imaging. Security baselining and integrity checking can help protect against adversaries attempting to compromise and modify software and its configurations.

PR.PS-01.09 | Virtualized end point protection | Mitigates | T1525 | Implant Internal Image
  Comments: The diagnostic statement highlights several mechanisms that organizations can implement to protect endpoint systems using virtualization technologies, essentially hypervisor hardening. With this technique, adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Periodically baselining virtual machine images to identify malicious modifications or additions may aid in mitigating this technique and in limiting interactions with images that have been modified anomalously.

PR.PS-01.09 | Virtualized end point protection | Mitigates | T1525 | Implant Internal Image
  Comments: The diagnostic statement highlights several mitigating controls that organizations can implement to protect endpoint systems using virtualization technologies. Adversaries may implant cloud or container images with malicious code to establish persistence after gaining access to an environment. Periodically checking the integrity of images and containers used in virtualized deployments to ensure they have not been modified to include malicious software may aid in mitigating this type of adversary technique.

EX.MM-01.01 | Third-party monitoring and management resources | Mitigates | T1525 | Implant Internal Image
  Comments: This diagnostic statement provides for the implementation of procedures for the management of third-party products, such as ensuring that cloud service providers support content trust models that require container images to be signed by a trusted source.

NIST 800-53 Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes
CM-06 | Configuration Settings | mitigates | T1525 | Implant Internal Image
CM-05 | Access Restrictions for Change | mitigates | T1525 | Implant Internal Image
IA-09 | Service Identification and Authentication | mitigates | T1525 | Implant Internal Image
SI-02 | Flaw Remediation | mitigates | T1525 | Implant Internal Image
RA-05 | Vulnerability Monitoring and Scanning | mitigates | T1525 | Implant Internal Image
SI-03 | Malicious Code Protection | mitigates | T1525 | Implant Internal Image
SI-07 | Software, Firmware, and Information Integrity | mitigates | T1525 | Implant Internal Image
CM-02 | Baseline Configuration | mitigates | T1525 | Implant Internal Image
IA-02 | Identification and Authentication (Organizational Users) | mitigates | T1525 | Implant Internal Image
CM-07 | Least Functionality | mitigates | T1525 | Implant Internal Image
SI-04 | System Monitoring | mitigates | T1525 | Implant Internal Image
AC-02 | Account Management | mitigates | T1525 | Implant Internal Image
AC-03 | Access Enforcement | mitigates | T1525 | Implant Internal Image
AC-05 | Separation of Duties | mitigates | T1525 | Implant Internal Image
AC-06 | Least Privilege | mitigates | T1525 | Implant Internal Image

Azure Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

docker_host_hardening | Microsoft Defender for Cloud: Docker Host Hardening | technique_scores | T1525 | Implant Internal Image
  Comments: This control may alert on Docker containers that are misconfigured or do not conform to CIS Docker Benchmarks. This may result in detection of container images implanted within Linux VMs that carry specific vulnerabilities or misconfigurations for malicious purposes.

ai_security_recommendations | Microsoft Defender for Cloud: AI Security Recommendations | technique_scores | T1525 | Implant Internal Image
  Comments: This control's "Container images should be deployed from trusted registries only", "Container registries should not allow unrestricted network access" and "Container registries should use private link" recommendations can help ensure that container images are only loaded from trusted registries, thereby mitigating this technique.

alerts_for_linux_machines | Alerts for Linux Machines | technique_scores | T1525 | Implant Internal Image
  Comments: This control may alert on suspicious container images running mining software or SSH servers. Privileged Docker containers and privileged commands running within containers may also be detected. These alerts are only generated for containers on Linux endpoint machines, not for containers running from Azure Docker deployments.

azure_policy | Azure Policy | technique_scores | T1525 | Implant Internal Image
  Comments: This control may provide recommendations to enable scanning and auditing of container images. This can provide information on images that have been added with high privileges or vulnerabilities.

defender_for_containers | Microsoft Defender for Containers | technique_scores | T1525 | Implant Internal Image
  Comments: This control may scan and alert on import or creation of container images with known vulnerabilities or a possible expanded surface area for exploitation.

defender_for_containers | Microsoft Defender for Containers | technique_scores | T1525 | Implant Internal Image
  Comments: This control may alert on containers with sensitive volume mounts, unneeded privileges, or running an image with digital currency mining software.

defender_for_containers | Microsoft Defender for Containers | technique_scores | T1525 | Implant Internal Image
  Comments: This control may prevent adversaries from implanting malicious container images through fine-grained permissions and the use of container image tag signing. Image tag signing allows for verifiable container images that have been signed with legitimate keys.

GCP Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

artifact_analysis | Artifact Analysis | technique_scores | T1525 | Implant Internal Image
  Comments: Artifact Analysis performs vulnerability scans on artifacts in Artifact Registry or Container Registry (deprecated). When Artifact Analysis is deployed, this security solution can detect known vulnerabilities in Docker containers. This information can be used to detect images that deviate from the baseline norm, which could indicate malicious implanted images in the environment. Due to the medium threat detection coverage and temporal factor, the control was scored as partial.

binary_authorization | Binary Authorization | technique_scores | T1525 | Implant Internal Image
  Comments: A signer digitally signs each image using a private key. At deploy time, the enforcer uses the attester's public key to verify the signature in the attestation.

gke_enterprise | GKE Enterprise | technique_scores | T1525 | Implant Internal Image
  Comments: GKE Enterprise incorporates the Anthos Config Management feature to prevent configuration drift with continuous monitoring of your cluster state, using the declarative model to apply policies that enforce compliance. This control can periodically check the integrity of images and containers used in cloud deployments to ensure that adversaries cannot implant malicious code to gain access to an environment.

google_kubernetes_engine | Google Kubernetes Engine | technique_scores | T1525 | Implant Internal Image
  Comments: After scanning for vulnerabilities, this control may alert personnel of tampered container images that could be running in a Kubernetes cluster.

security_command_center | Security Command Center | technique_scores | T1525 | Implant Internal Image
  Comments: SCC is able to detect modifications that were not part of the original container image. Because of the high threat detection coverage and near-real-time temporal factor, this control was graded as significant.

AWS Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes

aws_config | AWS Config | technique_scores | T1525 | Implant Internal Image
  Comments: The following AWS Config managed rules can identify running instances that are not using AMIs within a specified allow list: "approved-amis-by-id" and "approved-amis-by-tag", both of which are run on configuration changes. This does not provide detection of the image implanting itself, but does provide detection for any subsequent use of images that are implanted and not present within the allow list, resulting in a score of Minimal.
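As an added offline illustration (not code from this mapping page or from AWS Config), the block below re-implements the evaluation logic of the two managed rules named above, approved-amis-by-id and approved-amis-by-tag, over constructed instance and AMI records, and pairs it with a check for the mutable-tag risk noted in the technique description: a container image reference pinned only by a tag is flagged, one pinned by digest is not. All instance ids, AMI ids, tags and registry names are constructed.

```python
import re

# Constructed sample data (not real AWS output): a trimmed view of what
# DescribeInstances and DescribeImages would return.
INSTANCES = [
    {"InstanceId": "i-0aaa", "ImageId": "ami-approved01"},
    {"InstanceId": "i-0bbb", "ImageId": "ami-tagged02"},
    {"InstanceId": "i-0ccc", "ImageId": "ami-unknown03"},
]
AMI_TAGS = {  # ImageId -> tags set by the AMI owner (constructed)
    "ami-approved01": {"Approved": "true"},
    "ami-tagged02": {"Approved": "true"},
    "ami-unknown03": {},
}
APPROVED_AMI_IDS = {"ami-approved01"}
IMAGE_REFS = [  # constructed container references; the digest is a placeholder
    "registry.example.internal/app/web:latest",
    "registry.example.internal/app/web@sha256:" + "ab" * 32,
]
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def approved_amis_by_id(instances, approved_ids):
    """Semantics of approved-amis-by-id: COMPLIANT only if the ImageId is in the
    allow list. Returns {InstanceId: compliance}."""
    return {i["InstanceId"]: "COMPLIANT" if i["ImageId"] in approved_ids
            else "NON_COMPLIANT" for i in instances}

def approved_amis_by_tag(instances, ami_tags, tag_key, tag_value):
    """Semantics of approved-amis-by-tag: COMPLIANT if the instance's AMI carries
    the approved tag key/value; an AMI with no tags fails."""
    result = {}
    for inst in instances:
        tags = ami_tags.get(inst["ImageId"], {})
        ok = tags.get(tag_key) == tag_value
        result[inst["InstanceId"]] = "COMPLIANT" if ok else "NON_COMPLIANT"
    return result

def is_digest_pinned(image_ref):
    """True only when the reference ends in an immutable sha256 digest; a tag-only
    reference such as ':latest' can be re-pointed at an implanted image without
    the reference itself changing, which is what gives the implant persistence."""
    return DIGEST_RE.search(image_ref) is not None

def find_mutable_image_refs(image_refs):
    """Return the references that would silently pick up a replaced image."""
    return [ref for ref in image_refs if not is_digest_pinned(ref)]
```

Instances flagged NON_COMPLIANT by either rule, and any reference returned by find_mutable_image_refs, are the places to verify the image against the vetted baseline.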